Created on
01-17-2025
06:28 AM
Edited on
06-21-2025
11:54 AM
By
Jean-Philippe_P
Description | This article describes the issue that occurs with local-in, Central-SNAT, DoS policies, etc, after upgrading FortiGates to versions 7.4.6 or 7.6.1. |
Scope | FortiOS v7.4.6+ and v7.6.1+. |
Solution |
Upgrading to v7.4.6 or v7.6.1, local-in, DoS,central-SNAT policies, etc, will be deleted or show empty values when the interface is part of an SD-WAN zone.
Refer to this Upgrade information : Policies that use an interface show missing or empty values after an upgrade
If local-in policy, DoS policy, interface policy, multicast policy, TTL policy, or central SNAT map used an interface in versions 7.4.5, 7.6.0 GA, or any previous GA version that was part of the SD-WAN zone, these policies will be deleted or show empty values after upgrading to version v7.4.6 or v7.6.1.
After upgrading to version 7.4.6 or 7.6.1 GA, users must manually recreate these policies and assign them to the appropriate SD-WAN zone.
An appropriate SD-WAN zone must be selected.
Local-in policy configuration from CLI :
config firewall local-in-policy
There is one more issue where the SD-WAN zone is not visible to configure via the GUI for DoS policy, Multicast policy, and Central SNAT policy. Create those policies from the CLI where the SD-WAN zone will appear to configure.
From CLI :
This does not impact VIPs already configured with specific interfaces, which are part of the SD-WAN zones as well. VIPs will remain as it is after the upgrade. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.